Known Vulnerabilities for products from Forgerock
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Forgerock".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-24670 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2022-10-27 | 2022-10-31 |
| CVE-2022-24669 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2022-10-27 | 2022-10-31 |
| CVE-2022-0143 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-09-19 | 2022-09-21 |
| CVE-2021-37154 | In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraud... | 9.8 - CRITICAL | 2021-08-25 | 2021-09-01 |
| CVE-2021-37153 | ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentica... | 9.8 - CRITICAL | 2021-08-25 | 2022-07-12 |
| CVE-2021-35464 | ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. ... | 9.8 - CRITICAL | 2021-07-22 | 2021-08-02 |
| CVE-2021-29156 | ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can... | 7.5 - HIGH | 2021-03-25 | 2021-03-29 |
| CVE-2020-17465 | Dashboards and progressiveProfileForms in ForgeRock Identity Manager before 7.0.0 are vulnerable to stored XSS. The vulnerabi... | 6.1 - MEDIUM | 2020-08-31 | 2020-09-04 |
| CVE-2019-3800 | CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the use... | 7.8 - HIGH | 2019-08-05 | 2019-10-09 |
| CVE-2018-7272 | The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitiv... | 6.5 - MEDIUM | 2018-02-21 | 2018-03-18 |
| CVE-2017-14395 | Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 do... | 6.1 - MEDIUM | 2019-06-19 | 2019-06-21 |
| CVE-2017-14394 | OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 d... | 6.1 - MEDIUM | 2019-06-19 | 2019-06-21 |
| CVE-2016-10097 | XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remot... | 7.5 - HIGH | 2017-01-02 | 2017-01-11 |
| CVE-2016-6500 | Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the Searc... | 8.1 - HIGH | 2017-02-03 | 2017-03-02 |
| CVE-2014-7246 | The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, 10.1.0-Xpress, and 11.0.0 through 11.0.2, when deployed... | 3.5 - LOW | 2014-11-14 | 2015-02-10 |
Known software with vulnerabilities from Forgerock
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Forgerock | Access Management | 5.0.0 |
| Application | Forgerock | Identity Manager | 6.0.0.6 |
| Application | Forgerock | Openam | 9.5.3 |
| Application | Forgerock | Service Broker | - |